Description
A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Number::get_as of the file include/chaiscript/dispatchkit/boxed_number.hpp. Performing a manipulation results in memory corruption. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-03-01
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption via local manipulation of Boxed_Number::get_as
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in the chaiscript::Boxed_Number::get_as function within boxed_number.hpp. When a manipulated input is passed to this function, it causes uncontrolled memory corruption. This flaw can overwrite nearby memory, potentially leading to crashes or arbitrary code execution if a local attacker can influence the data processed by the function. The flaw is a classic out‑of‑bounds write (CWE-119) combined with a use‑after‑free or buffer overrun scenario (CWE-787). The impact is limited to the host process but may compromise confidentiality, integrity, or availability of the application executing the script.

Affected Systems

All installations of ChaiScript up to and including version 6.1.0 are affected. The issue was identified in the ChaiScript code base, which is publicly available on GitHub. Users running any build of the library that includes the vulnerable get_as implementation are at risk, regardless of the specific application compiled with it.

Risk and Exploitability

The CVSS score of 4.8 indicates a moderate severity, but the EPSS score is less than 1%, reflecting a low likelihood of exploitation in the wild at present. The flaw is not listed in the CISA KEV catalog, and exploit code has been released publicly. Because the attack requires local access, an attacker who can execute code with the same privileges as the running process can exploit the memory corruption. Organizations should prioritize applying a fix or mitigation as soon as a patched version becomes available, as local privilege escalation via this flaw could have significant downstream effects on application stability and security.

Generated by OpenCVE AI on April 16, 2026 at 15:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a ChaiScript release newer than 6.1.0 once a patch is available.
  • If an upgrade is not feasible, quarantine or disable any code paths that invoke chaiscript::Boxed_Number::get_as or any scripts that might trigger it.
  • Monitor the ChaiScript GitHub issue tracker and public advisories for a fix, and apply any emergency updates promptly.

Generated by OpenCVE AI on April 16, 2026 at 15:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 06 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 05 Mar 2026 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:a:chaiscript:chaiscript:*:*:*:*:*:*:*:*

Mon, 02 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Chaiscript
Chaiscript chaiscript
Vendors & Products Chaiscript
Chaiscript chaiscript

Sun, 01 Mar 2026 05:45:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Number::get_as of the file include/chaiscript/dispatchkit/boxed_number.hpp. Performing a manipulation results in memory corruption. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Title ChaiScript boxed_number.hpp get_as memory corruption
Weaknesses CWE-119
References
Metrics cvssV2_0

{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Chaiscript Chaiscript
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-06T14:52:28.017Z

Reserved: 2026-02-28T14:23:15.512Z

Link: CVE-2026-3382

cve-icon Vulnrichment

Updated: 2026-03-06T14:52:23.388Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-01T06:15:58.750

Modified: 2026-03-05T22:29:48.560

Link: CVE-2026-3382

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T15:15:39Z

Weaknesses